Fix needless security warning on BMP attachments display (#1490282)

CHANGELOG

@@ -6,6 +6,7 @@ CHANGELOG Roundcube Webmail
 - Fix saving/sending emoticon images when assets_dir is set
 - Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet
 - Fix setting max packet size for DB caches and check packet size also in shared cache
+- Fix needless security warning on BMP attachments display (#1490282)
 
 RELEASE 1.1.0
 -------------

program/steps/mail/func.inc

@@ -1959,9 +1959,16 @@ function rcmail_identity_select($MESSAGE, $identities = null, $compose_mode = 'r
 // Fixes some content-type names
 function rcmail_fix_mimetype($name)
 {
+    $map = array(
+        'image/x-ms-bmp' => 'image/bmp', // #1490282
+    );
+
+    if ($alias = $map[strtolower($name)]) {
+        $name = $alias;
+    }
     // Some versions of Outlook create garbage Content-Type:
     // application/pdf.A520491B_3BF7_494D_8855_7FAC2C6C0608
-    if (preg_match('/^application\/pdf.+/', $name)) {
+    else if (preg_match('/^application\/pdf.+/', $name)) {
         $name = 'application/pdf';
     }
     // treat image/pjpeg (image/pjpg, image/jpg) as image/jpeg (#1489097)

program/steps/mail/get.inc

@@ -138,7 +138,7 @@ else if (strlen($part_id)) {
             $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION));
 
             // 1. compare filename suffix with expected suffix derived from mimetype
-            $valid = $file_extension && in_array($file_extension, (array)$extensions) || !empty($_REQUEST['_mimeclass']);
+            $valid = $file_extension && in_array($file_extension, (array)$extensions) || empty($extensions) || !empty($_REQUEST['_mimeclass']);
 
             // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
             if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) {
@@ -164,7 +164,7 @@ else if (strlen($part_id)) {
                 else {
                     // get valid file extensions
                     $extensions      = rcube_mime::get_mime_extensions($real_mimetype);
-                    $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions));
+                    $valid_extension = !$file_extension || in_array($file_extension, (array)$extensions);
                 }
 
                 // fix mimetype for images wrongly declared as octet-stream
@@ -172,7 +172,10 @@ else if (strlen($part_id)) {
                     $mimetype = $real_mimetype;
                 }
 
-                $valid = ($real_mimetype == $mimetype && $valid_extension);
+                // "fix" real mimetype the same way the original is before comparison
+                $real_mimetype = rcmail_fix_mimetype($real_mimetype);
+
+                $valid = $real_mimetype == $mimetype && $valid_extension;
             }
             else {
                 $real_mimetype = $mimetype;